The device has two web servers that expose unauthenticated REST APIs on the management network

链接： https://github.com/advisories/GHSA-jmx6-fwjr-crpx

CVSS 评分： 10.0

参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-3499
https://www.cvcn.gov.it/cvcn/cve/CVE-2025-3499
https://github.com/advisories/GHSA-jmx6-fwjr-crpx

描述：

The device has two web servers that expose unauthenticated REST APIs on the management network (TCP
ports 8084 and 8086). Exploiting OS command injection through these APIs, an attacker can send arbitrary
commands that are executed with administrative permissions by the underlying operating system.

安全公告

#Github Advisory

The device has two web servers that expose unauthenticated REST APIs on the management network

http://example.com/2025/07/09/github_4054659419/

作者

lianccc

发布于

2025年7月9日

许可协议

Brother MFC-L9570CDW 信息泄露漏洞上一篇

An unauthenticated user with management network access can get and modify the Radiflow iSAP 下一篇